News

Making Security a Business Value

Is Network Security A Part of Your Business Values? Many businesses struggle to gain momentum in making security a priority.

Building a Security Culture-You Can’t do it Alone

Initiating change in an organization isn’t easy but getting stuck in backward thinking is always more painful in the long run. When it comes to building a robust security culture in your organization, you may run into a few naysayers, which is why you will need a team moving this initiative along.

So what are the obstacles and how can you overcome them?

If the main goal is to avoid a security breach then you must make it so difficult for the bad guys to penetrate your network that they go somewhere easier. But what if your current security culture doesn’t reflect the stated goal. It may be one of those goals people like to talk about but never really execute on.

What happens to the security goals or “security culture” when no one is looking? Are the people in charge making smart security decisions?

Where to Begin?

First, assess where you are currently at so you can measure where you need to start. Below are some of the main issues companies deal with:

Bad Habits: Employees are difficult to train in cybersecurity behavior. Modifying their online lives is not a high priority and “making smart security decisions” is a hassle.

Naiveté: Lack of knowledge of the scale of the social engineering threat. Top executives, C-levels, and the general staff aren’t aware of the ten-fold increase of cybercrime and their slippery tactics. Is your security culture ten years behind the current landscape?

No Budget: Money and resources have not been allocated. If it’s not fully understood as a real threat than it’s not a priority.

Culture Change is Difficult: Creating a compelling vision to change and modify employee behavior is extremely challenging and requires internal marketing. Generally, those aren’t areas IT engineers excel in. Finding a team that can handle the company PR in this area is essential.

How to Change the Mindset:

1: Know that Changing Employee Culture is a Challenge

Employees like to think that IT should handle all the security stuff and this isn’t their job. This might have been true ten years ago—but not today. A vision must be communicated that network security is an all hands on deck scenario. In an age of social engineering, it takes more than a good firewall and antivirus to keep an organization safe because an employee’s negligence is now the target. Employees are the number one defense against ransomware.

2. Employees also need to be re-trained out of bad email behavior and relearn how to operate in a less secure world.

Fortunately, when you take the time to explain the risks and the importance of personal responsibility in the networked world, and then train employees to spot the red flags, they will appreciate the time and effort because it also helps them to keep their family stay safe online.

3: Organizations Must Understand the Enormity of the Social Engineering Threat.

A whopping 91% of data breaches began with a phishing attack. However, some still believe the email filter should just work better. Unfortunately, the best of the best email filters still miss on average 10.5% of spam, phishing and malware attachments. That means the human firewall is the last line of defense.

4. Revamp the Budget
The average ROI of security awareness training is around 127%. Can you afford not to spend the money? You will either spend a small fortune in Bitcoin paying a ransom or you can spend a much smaller amount creating an environment where security matters.

5. Think of Security as a Corporate Wide Initiative.
Make it a business priority to develop and amp up security awareness activities. Provide relevant training with interesting material and encourage a movement towards a strong security culture with incentives and occasional phishing tests. Make it fun and a competition—not a shaming scenario.

Transitioning to a corporate culture where security is a priority will not be easy and there will be bumps in the road, but its worth if you care about the long term sustainability of your company. Clients will not put up with massive data breaches and cyber-attacks can destroy a business if they don’t have a security solution in place.

6. Last, Make Security a Value.

This trickles from the top down and is a message that needs to be communicated over and over from the CEO to the intern. A “security culture” is simply a way of doing things that people start to embrace and live in without questioning because they believe in it. Full buy-in is necessary. It only takes one phishing email to cause a catastrophic cyber breach. Make sure the executives reinforce good behavior to the employees and they in return will accept that this is how things are done here.

If you need help with comprehensive security training give EnhancedTECH a call at 714-970-9330 or contact us at [email protected] for a complimentary consultation.

Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football.Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.